A single-user blog

As an exercise, I’ve been trying to make the simplest possible blog, using the best possible tools.

It’s a single-user blog, so there’s no need to worry about protecting against malicious users, and the permissions are quite straightforward.

Authentication

The app uses Google for authentication, via Firebase. There’s a button to sign in, the OAuth2 callback is handled by react-redux-firebase, and there’s a button to sign out.

Database and permissions

The app uses Firebase’s Realtime Database to store the posts, divided into two collections: public, which anyone can read but only the authenticated user can write, and private, which only the authenticated user can read or write.

Each collection contains two further collections: content, which contains the HTML of each post, and metadata, which contains information about each post.

The authenticated user object contains a verified email address, which we use for permissions: